Common Web security vulnerabilities and test methods Introduction


Background

Web applications generally refers collectively to B/S (browser/server) applications that provide services over the HTTP/HTTPS protocol. With the development of the Internet, Web applications have become part of every aspect of daily life. Most current Web applications are no longer static pages to browse but dynamic applications processed on the server. If developers' security awareness is weak, Web application security problems follow.

In general, a Web application attack means that an attacker uses a browser or another tool to send specially crafted requests to the Web server through the URL or other input areas (such as forms), discovers a vulnerability in the Web application, and then exploits it to manipulate or take control of the site.

Common security vulnerabilities

1. SQL injection

SQL injection is the most common and one of the most widespread vulnerabilities. An attacker inserts SQL commands into a Web form submission, a query string or a page request and ultimately tricks the server into executing malicious SQL commands against the database, running queries the developer never intended.

The harm SQL injection can cause includes: web page tampering, data tampering, theft of core data, and compromise of the server hosting the database, which can then be turned into a puppet host under the attacker's control.

For example, some sites do not use precompiled (prepared) SQL statements; fields entered by the user in the interface are concatenated directly into the SQL, and these fields may well contain malicious SQL fragments. For instance, with password = "1' OR '1'='1", a user who does not know the password can still log in normally.

Test Methods:

On a page that performs a query, enter the correct query value followed by a simple SQL fragment such as "and 1=1" and observe the response. If the returned query results are the same as for the plain input, the application does not filter user input, and a SQL injection vulnerability can provisionally be assumed to exist here.
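The following is an added example, not code from the original article: it uses an in-memory SQLite table with a constructed user to show the login bypass described above, the same query written as a prepared statement (the "precompiled SQL" the text recommends), and the "1=1" probe from the test method run against both versions. The table, user name and password are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory user table for the demonstration; not real credentials.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # The statement is assembled by string concatenation, so the user's input
    # is parsed as SQL: the password  1' OR '1'='1  from the article turns the
    # WHERE clause into  ... AND password = '1' OR '1'='1'  which is always true.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    # Prepared statement with placeholders: the driver passes the values
    # separately, so quotes and keywords inside them are never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def search_vulnerable(conn, name):
    sql = "SELECT username FROM users WHERE username = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, name):
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def tautology_probe(search, conn, name):
    # The article's "1=1" test: send the correct value, then the same value with
    # a tautology appended. Unfiltered input makes both return the same rows;
    # a parameterized query treats the appended text as part of the name and
    # finds nothing, so the results differ and the probe reports no injection.
    plain = search(conn, name)
    probed = search(conn, name + "' AND '1'='1")
    return len(plain) > 0 and plain == probed

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, "alice", "1' OR '1'='1"))
    print("parameterized login bypassed:", login_parameterized(db, "alice", "1' OR '1'='1"))
    print("vulnerable search injectable:", tautology_probe(search_vulnerable, db, "alice"))
    print("parameterized search injectable:", tautology_probe(search_parameterized, db, "alice"))
```

The probe only compares result sets, which is what the test method describes; a real tester would also watch for database error messages and response timing, but the comparison alone is enough to tell the concatenated query from the prepared one.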

2. XSS (cross-site scripting)

XSS (Cross Site Scripting) is similar to SQL injection: malicious script is inserted into pages, mainly using front-end HTML and JavaScript. When a user browses the page, the script runs and gives the attacker control over the behaviour of the user's browser.

A successful XSS attack can obtain the user's cookies and use them to take over the user's privileges on the site; it can also obtain the user's contact list and send large amounts of spam to specific targets in the user's name, and so on.

XSS is divided into three categories: stored (persistent) XSS, reflected (non-persistent) XSS, and DOM-based XSS.


Test Methods:

In a data entry screen, enter: <script>alert(/123/)</script>. If a dialog box pops up after the data has been saved successfully, an XSS vulnerability exists here.

Or set a URL parameter of the request to <script>alert(/123/)</script>; if the page shows a dialog box, an XSS vulnerability exists here.
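The following is an added example, not code from the original article. It models the two test methods server-side: a stored comment rendered verbatim versus HTML-escaped, and a search page that reflects the q= URL parameter with and without escaping. The probe string is the article's own; the URL, parameter name and page markup are constructed for the demonstration, and the check looks for the probe in the response rather than waiting for a browser dialog.

```python
import html
from urllib.parse import urlparse, parse_qs, quote

# The probe string from the test method above (constructed sample input).
PROBE = "<script>alert(/123/)</script>"

def render_comment_vulnerable(comment):
    # Stored XSS: the saved comment is written into the page verbatim.
    return "<p>" + comment + "</p>"

def render_comment_escaped(comment):
    # Escaping <, >, &, " and ' turns the script into inert text.
    return "<p>" + html.escape(comment, quote=True) + "</p>"

def search_page(url, escape):
    # Reflected XSS: the q= parameter of the request URL is echoed into the page.
    query = parse_qs(urlparse(url).query).get("q", [""])[0]
    shown = html.escape(query, quote=True) if escape else query
    return "<h1>Results for " + shown + "</h1>"

def reflects_probe(page_html):
    # The article's check done on the response: if the probe appears
    # byte-for-byte in the HTML, the browser would execute it.
    return PROBE in page_html

if __name__ == "__main__":
    url = "https://app.example.test/search?q=" + quote(PROBE)
    print(search_page(url, escape=False))
    print(search_page(url, escape=True))
```

Escaping on output is the right default for HTML body content; values placed inside attributes, URLs or inline JavaScript need the encoding for that context, and DOM-based XSS has to be handled in the client-side code that reads the DOM or location.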

3. CSRF (cross-site request forgery)

CSRF (Cross Site Request Forgery) uses the identity of a logged-in user to send malicious requests in that user's name and complete operations the user never authorized.

For example: a user browses trusted site A, which has a CSRF vulnerability, and the browser stores the corresponding cookie; without logging out of site A, the user visits dangerous site B.

Site B makes the browser issue a request to site A. The browser sends it to site A together with the user's cookie; because site A cannot tell whether the request was sent by the user or by dangerous site B, it processes site B's request, which thereby imitates the user's own actions. This is the basic idea of a CSRF attack.

Test Methods:

1. Open two pages in the same browser. After the permissions of one page have become invalid, check whether an operation in the other page still succeeds; if it does, there is a risk.

2. Use a tool to send the request without the Referer field in the HTTP request header and check the returned response: it should redirect to an error page or the login page.
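The following is an added example, not code from the original article. It models a form handler that applies the two checks the test methods look for: the request must carry a Referer (or Origin) from the site's own host, otherwise it is redirected to an error page, and the session must still be valid, otherwise it is redirected to login; on top of that it requires a per-session CSRF token that a page on site B cannot read. The host name, paths and session layout are constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_HOST = "bank.example"  # hypothetical host of "site A" in the text

def new_session():
    # Server-side session state; the anti-CSRF token is generated once per session.
    return {"user": "alice", "csrf_token": secrets.token_hex(16)}

def logout(session):
    # Invalidates the session, as in test method 1.
    session["user"] = None

def render_form(session):
    # The legitimate page embeds the token; a page on another site cannot read it.
    return ('<form method="POST" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="{}">'
            '<input name="amount"></form>').format(session["csrf_token"])

def handle_transfer(session, form, headers):
    """Return (status, location_or_body) for a POST /transfer request."""
    if session.get("user") is None:
        return 302, "/login"
    # Test method 2: a request with no Referer/Origin from our own host is not
    # processed but redirected to the error page.
    referer = headers.get("Referer") or headers.get("Origin") or ""
    if urlparse(referer).hostname != SITE_HOST:
        return 302, "/error"
    # Token check: constant-time comparison against the value in the session.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return 403, "invalid CSRF token"
    return 200, "transferred " + form.get("amount", "0")

if __name__ == "__main__":
    s = new_session()
    good = {"csrf_token": s["csrf_token"], "amount": "10"}
    print(handle_transfer(s, good, {"Referer": "https://bank.example/transfer"}))
    print(handle_transfer(s, {"amount": "10"}, {"Referer": "https://bank.example/transfer"}))
    print(handle_transfer(s, good, {}))
```

The Referer check alone is weak, since browsers can omit the header; the token is the real defence, and the header check is kept because the article's test expects a redirect when it is missing.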

4. File upload vulnerabilities

A file upload attack means uploading an executable file to the server and executing it there.

This is the most direct and effective kind of attack. The uploaded file may be a virus, a malicious script, a webshell, and so on.

A webshell is a command execution environment in the form of an asp, php, jsp or cgi page; it can be described as a web back door. After compromising a system, an attacker places a webshell in it and can then enter the system through the webshell and control the web server with ease.

Test Methods:

Strictly verify the type, size and other attributes of uploaded files, and prohibit the upload of files containing malicious code.

The permissions of the relevant directories should also be verified: try to access each directory on the Web server through a browser and check whether the directory structure is returned. If a directory listing is displayed, there may be a security problem.
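The following is an added example, not code from the original article. It implements the strict verification the first test method asks for (extension allowlist, size limit, and a check that the file content matches the claimed type, which catches double extensions such as shell.php.png), stores files under a server-chosen name, and includes a small heuristic for the second test method that recognises an auto-generated directory index in a response body. The allowed types, size limit and listing markers are choices made for the example.

```python
import os
import secrets

# Allowed extensions and the leading bytes ("magic numbers") each one must carry.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024  # 2 MiB limit, chosen for the example

def validate_upload(filename, data):
    """Return (accepted, reason_or_extension) for an uploaded file."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed"
    # A double extension such as shell.php.png passes the extension check, so
    # the content itself must also look like the claimed image type.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    return True, ext

def storage_name(ext):
    # Server-chosen random name: the user-supplied filename never reaches the
    # filesystem, so path components like ../ in it are irrelevant.
    return secrets.token_hex(16) + "." + ext

def looks_like_directory_listing(body):
    # Heuristic for the second test method: markers that common web servers put
    # in an automatically generated directory index.
    markers = ("Index of /", "Parent Directory", "[To Parent Directory]")
    return any(marker in body for marker in markers)

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(validate_upload("photo.png", png))
    print(validate_upload("shell.php.png", b"<?php echo 1; ?>"))
    print(storage_name("png"))
```

The upload directory should additionally be served without script execution and, ideally, from a separate host, so that even a file that slips past validation is delivered as static content rather than run by the server.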

5. URL redirect vulnerabilities

A URL redirect vulnerability, also called an unvalidated redirection vulnerability, means that the Web program redirects directly to a URL taken from a request parameter, or the developer includes arbitrary URLs in the page, so the program can be made to send the user to an insecure third-party site, causing security problems.

Test Methods:

1. Capture the request with a packet capture tool.

2. Capture the 302 redirect URL, modify the target address, and see whether the redirect still follows it.

P.S.: many redirects now include a Referer check, which makes the attacker's modified redirect fail.
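The following is an added example, not code from the original article. It shows the validation that makes the test method's modified target fail: the redirect parameter is only honoured when it is a same-site path or an absolute URL to an allowlisted host, and a few parser corner cases (protocol-relative "//host" targets, a backslash after the leading slash, a userinfo part before "@") are handled explicitly. The allowlisted hosts are a hypothetical configuration value.

```python
from urllib.parse import urlparse

# Hosts a redirect may point to; hypothetical allowlist for the example.
TRUSTED_HOSTS = {"www.example.test", "login.example.test"}
DEFAULT_TARGET = "/"

def safe_redirect_target(target):
    """Return the Location to redirect to: the requested target if it stays on
    a trusted host, otherwise the site's default page."""
    if not target:
        return DEFAULT_TARGET
    parsed = urlparse(target)
    if parsed.scheme == "" and parsed.netloc == "":
        # Path-only target: allow "/path" but refuse "//host" and "/\host",
        # which browsers resolve as a different host (protocol-relative URL).
        if target.startswith("/") and not target.startswith(("//", "/\\")):
            return target
        return DEFAULT_TARGET
    # Absolute URL: only http(s) to an allowlisted host. parsed.hostname drops
    # userinfo, so "https://www.example.test@evil.example/" yields evil.example.
    if parsed.scheme in ("http", "https") and parsed.hostname in TRUSTED_HOSTS:
        return target
    return DEFAULT_TARGET

if __name__ == "__main__":
    for candidate in ("/account/settings",
                      "https://www.example.test/account",
                      "https://evil.example/login",
                      "//evil.example/login"):
        print(candidate, "->", safe_redirect_target(candidate))
```

Comparing the parsed host against an allowlist is preferable to prefix or substring checks on the raw string, which "https://www.example.test.evil.example/" would pass.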

Summary

The above are some common Web security vulnerabilities and their test methods. With network security receiving more and more attention, the importance of Web security testing in the testing process has become increasingly prominent; although vulnerability scanning tools such as AppScan exist, testers still need a certain awareness of common security vulnerabilities.

About the author: Zhang Bin, 6 years of testing experience, proficient in automated testing, performance testing, continuous delivery and overall product quality improvement.


Source: blog.51cto.com/14463231/2428057